North American Network Operators Group


Re: On-going Internet Emergency and Domain Names

  • From: Roland Dobbins
  • Date: Sat Mar 31 12:53:30 2007



On Mar 31, 2007, at 9:20 AM, Paul Vixie wrote:

> fundamentally, this isn't a dns technical problem, and using dns technology
> to solve it will either not work or set a dangerous precedent. and since
> the data is authentic, some day, dnssec will make this kind of poison
> impossible.

Some SPs are doing DNS manipulation/poisoning now for various reasons, with varying degrees of utility/annoyance. If those SPs choose to manipulate their own DNS in a way which affects their own users, that's fine; if the users don't like it, they can go elsewhere. Some enterprises are doing the same kinds of things, with the same options available to the user population (though not always quite as easy to 'go elsewhere', heh).


What SPs or enterprises choose to do for/to their own user bases is between them and their users. When we start talking about involving registries, etc., that's when we've clearly jumped the shark.

There is no 'emergency', any more than there was an 'emergency' last week or the week before or the month before that - after a while, a state of 'emergency' becomes the norm, and thus the bar is raised. It's merely business as usual, and no extraordinary measures are required. Yes, there are ongoing, long-term problems, but they need rationally-thought-out, long-term solutions.

'Think globally, act locally' seems a good principle to keep in mind, along with 'Be liberal in what you accept, and conservative in what you send'. Much unnecessary grief and gnashing of teeth would be avoided if folks worried about what was going on in their own networks vs. grandiose, 'fix-the-Internet'-type 'solutions' (the appeal of the latter is that it requires no actual useful effort or sacrifice on one's own part, merely heated rhetoric and a pointed finger, which appeals to some of the least attractive aspects of human nature).

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice

Words that come from a machine have no soul.

-- Duong Van Ngo